I am editing the woocommerce orders.php template and ran into a problem. The template shows to user the orders he has placed. There are now several variables that I think need to be coded for security, such as $date_created or $view_order which contains the order link. So I’m trying to add esc_html to these and other variables but when I do it displays plain text on screen and not html tag with its css.
Is there a way to use esc_html and keep the output clean so it displays html and css tags normally? Sorry but I’m new to all this, I’m trying to learn step by step, I hope someone can show me a possible way / solution. I appreciate any help, thanks.
Basically I use this to display variables and everything works fine, the variable is displayed with its css: 
<td class="product_data"> <span>'. $date_created .'</span></td>If I try to do this, the variables is displayed without its css style 
<td class="product_data"> <span><?php echo esc_html($date_created); ?></span></td>Another example, if I have $example = esc_html( '<a href="http://www.example.com/">A link</a>' ); this displayed as <a href="http://www.example.com/">A link</a> instead of A link. Is there any way to solve this problem?
This is my orders.php template: I don’t think it matters, but I have entered the complete template.
<?php//* echo do_shortcode('[elementor-template id="40136"]'); *//?><div class="orders-container"><?phpdefined( 'ABSPATH' ) || exit;do_action( 'woocommerce_before_account_orders', $has_orders ); ?><table class="table_orders heading"><tr> <td class="product_number">Ordine</td> <td class="product_name">Prodotto</td> <td class="product_data">Data</td> <td class="product_price">Totale</td> <td class="product_status">Stato</td> <td class="product_action">File</td></tr></table><?phpif ( $has_orders ) { // Get Access $order variable Foreach foreach ( $customer_orders->orders as $customer_order ) { // Get $product object from $order / $order_id $order = wc_get_order( $customer_order ); $items = $order->get_items(); $orders_id = $order->get_id(); $status = wc_get_order_status_name( $order->get_status() ); $date_created = $order->get_date_created()->date('d/m/Y'); $payment_method = $order->get_payment_method_title(); $order_total = $order->get_formatted_order_total(); // Get Access Items & Product Variable Foreach foreach ( $items as $item ) { $product_name = $item->get_name(); // Get product image - https://www.businessbloomer.com/woocommerce-easily-get-product-info-title-sku-desc-product-object/ $product = $item->get_product(); if( $product instanceof WC_Product ){ $order_img = $product->get_image(); } //Get product download button $downloads = $order->get_downloadable_items(); if(is_array($downloads)) { foreach($downloads as $product){ $download_button = '<a href="'. $product['download_url'] .'" target="_blank">Download</a>'; } } $view_order = $order->get_view_order_url(); //Start Prov Echo ?> <td class="product_data"> <span class="mobile title">Data</span> <span><?php echo esc_html($date_created); ?></span> </td> <?php // Start echo echo ' <table class="table_orders"> <tr class="table_row_items"> <td class="product_number"> <span class="mobile title">Ordine</span> <span>#'. $orders_id .'</span> </td> <td class="product_name"> <span class="mobile title">Prodotto</span> <a href="'. $view_order .'">'. $product_name .'</a> </td> <td class="product_data"> <span class="mobile title">Data</span> <span>'. $date_created .'</span> </td> <td class="product_price"> <span class="mobile title">Prezzo</span> <span>'. $order_total .'</span> </td> <td class="product_status"> <span class="mobile title">Stato</span> <span>'. $status .'</span> </td> <td class="product_action"> <span class="mobile title">File</span> <a target=”_blank” href="'. $view_order .'">Visualizza<i class="fa-duotone fa-eye"></i></a> </td> </tr> </table> '; //End Echo // Tasto download funzionante - if($downloads) { echo '<div class="container_orders_download"> '. $download_button .' </div>'; } } } // Pagination button - Responsabile dei bottoni e numerazione delle pagine della cronologia ordini ?><div class="container-pagination"><?php $args = array( 'base' => esc_url( wc_get_endpoint_url( 'orders') ) . '%_%', 'format' => '%#%', 'total' => $customer_orders->max_num_pages, 'current' => $current_page, 'show_all' => false, 'end_size' => 3, 'mid_size' => 3, 'prev_next' => true, 'prev_text' => __('<i class="fa-solid fa-angle-left"></i>'), 'next_text' => __('<i class="fa-solid fa-angle-right"></i>'), 'type' => 'plain', 'add_args' => false, 'add_fragment' => '' ); echo paginate_links($args);} else { ?><div class="msg_orders">La tua cronologia ordini è vuota!</div><?php } ?></div><?phpdo_action( 'woocommerce_after_account_orders', $has_orders ); ?></div>Advertisement
Answer
You can use wp_kses_post, it filters text content and strips out disallowed HTML.
echo wp_kses_post( $date_created );